The Harman Automotive Services team is looking for a Senior Principal Cloud Security Architect that will lead security efforts for the Harman Ignite automotive cloud platform. This platform leverages big data, cloud computing, and machine learning techniques to provide rich end-to-end connected vehicle services. The successful candidate will have a demonstrated track record of success securing web services on various cloud infrastructures.
* Leads application security for the end-to-end platform. This includes on-vehicle ECU and head unit components as well as cloud platform, service, and storage components.
* Specifies, designs, and implements end-to-end solutions and system architectures for connected vehicle SaaS products and associated software components.
* Provides security oversight on projects to ensure alignment with corporate, legal, and regulatory requirements, security guidelines, customer security requirements, and industry standards
* Drives security processes and procedures across development and operations teams following ITIL and ISO 27001 guidelines
* Assess technical design and overall technology roadmap to ensure we meet our security and performance objectives
* Responsible for compliance to privacy related regulations
* Acts as a security focal point for local customers and supports both sales and delivery efforts
* Stays up-to-date on trends in cloud computing and automotive head unit architectures
* Bachelors Degrees in Computer Science or equivalent
* 10+ years software development and/or architecture experience with large distributed systems
* Software development experience including REST API development and SOA methodology
* Knowledge of security frameworks such as CSA CCM and ISO 27000
* Sound knowledge of application security domains in all phases of secure SDLC
* Experienced in risk assessment and threat modelling, secure coding practices, OWASP and SANS source code vulnerabilities, open-source vulnerability handling, static and dynamic source code scanning, secrets management,
* Expertise with IAM protocols such as OAuth2.0, OIDC, SAML 2.0, authorization policies (such as XACML)
* Well-versed in symmetric and asymmetric cryptography, PKI and certificate management, TLS, HSM
* General knowledge of industry security requirements, standards and best practices
* Excellent communication and documentation skills in English, ability to work collaboratively with global teams.
* CISSP or similar security certifications are a plus.